package com.bs.areport.sys.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.List;


import javax.servlet.RequestDispatcher;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.bs.restframework.adaptive.util.DataAdaptiveUtil;

import com.bs.restframework.context.util.SystemContextUtil;
import com.bs.restframework.session.UserSession;



/**
 * <p>
 * Title:  权限认证类
 * </p>
 * 
 * 
 * <p>
 * Copyright: Copyright (c) 2009
 * </p>
 * 
 * <p>
 * Company: EPay团队
 * </p>
 * 
 * <p>
 * 建立时间: 2011-06-28 上午11:22:30
 * </p>
 * 
 * @author 林光延
 * 
 * @version 1.0
 * 
 *          修订记录: 2011-06-28 上午11:22:30  林光延  建立
 * 
 */

public class DefaultResCheck {

	private static Logger log = LoggerFactory.getLogger(DefaultResCheck .class);
	
	//日志管理类


	/**
	 * 不检测Web资源
	 */
	public  List<String> noCheckWebRes = null;
	
	/**
	 * 
	 */
	public HashMap<String,List<String>> sysServiceList = null;

	public HashMap<String, List<String>> getSysServiceList() {
		return sysServiceList;
	}

	public void setSysServiceList(HashMap<String, List<String>> sysServiceList) {
		this.sysServiceList = sysServiceList;
	}
	
	/**
	 * 非法跳转页全路径
	 */
	public String defaultPage = null;
	/**
	 * 
	 * <p>函数名称：发送页面        </p>
	 * <p>功能说明：
	 *
	 * </p>
	 *<p>参数说明：</p>
	 * @param request
	 * @param response
	 * @param dot
	 * @param code
	 * @param msg
	 *
	 * @date   创建时间：2011-7-13
	 * @author 作者：林光延
	 */
	private void sendView(ServletRequest request, ServletResponse response,String dot,String code ,String msg){
		if(dot.equalsIgnoreCase("do") || dot.equalsIgnoreCase("file") || dot.equalsIgnoreCase("jsp")){
			sendToDefault(request,response,defaultPage,msg);
		}else if(dot.equalsIgnoreCase("json") || dot.equalsIgnoreCase("xml")||dot.equalsIgnoreCase("String")){
			writeResponse(request,response,dot,code,msg);
		}
	}

	/**urlDot[1]
	 * 
	 * <p>函数名称：  登录合法性校验      </p>
	 * <p>功能说明：
	 *
	 * </p>
	 *<p>参数说明：</p>
	 * @param request
	 * @param response
	 * @return
	 *
	 * @date   创建时间：2011-7-13
	 * @author 作者：林光延
	 */
	@SuppressWarnings("static-access")
	public boolean doCheck(ServletRequest request, ServletResponse response) {
		
		 String url = ((HttpServletRequest)request).getRequestURI();		
		 String ip= ((HttpServletRequest)request).getRemoteAddr();
		 String token = request.getParameter("Token");
		 System.out.println(token);
		 UserSession us = SystemContextUtil.getSessionMange().getUserSession(token);
		 String userCode="";
		 String userName="";
		 String url2 = url.replace(".", "#");
		 String[] urlDot =(url2.trim()+"#").split("#");
		 String logType = "-1";
		 
		 log.debug("调用地址 URL: " + url);
			// 不是无需安全检查
			if (!this.noCheck(url)) {
				 if (us != null)
				 {
					 userCode=us.getUserCode();
					 userName = us.getUserName();
					log.debug("==============调用地址 URL:【{}】 =============", url);
					
					//如果用户没有登录
					if(!us.isLogin()){
						logType = "0";
						sendView(request, response,urlDot[1],"LOGIN_001","您未登录系统或登录已过期<br/>请重新登录!!!");
						return false;
					}
				 }
				 else
				 {
					sendView(request, response,urlDot[1],"LOGIN_001","您未登录系统或登录已过期<br/>请重新登录!!!");
					return false;
				 }
			} 
		return true;
	}

	public String getDefaultPage() {
		return defaultPage;
	}

	public void setDefaultPage(String defaultPage) {
		this.defaultPage = defaultPage;
	}

	public  List<String> getNoCheckWebRes() {
		return this.noCheckWebRes;
	}

	public  void setNoCheckWebRes(List<String> noCheckWebRes) {
		this.noCheckWebRes = noCheckWebRes;
	}

	/**
	 * 
	 * <p>函数名称：输出流        </p>
	 * <p>功能说明：
	 *
	 * </p>
	 *<p>参数说明：</p>
	 * @param request
	 * @param response
	 *
	 * @date   创建时间：2011-6-29
	 * @author 作者：林光延
	 */
	private void writeResponse(ServletRequest request,ServletResponse response,String urlDot,String code, String msg){
		HashMap<String, Object> result2 = new HashMap<String, Object>();
		result2.put("CODE", code);
		result2.put("MSG", msg);

		if ("json".equalsIgnoreCase(urlDot)
				|| "String".equalsIgnoreCase(urlDot)) {
			response.setContentType("text/html; charset=utf-8");
			try {

				response.getWriter().print(
						DataAdaptiveUtil.getDataAdaptive("json")
								.toString(result2).getBytes("UTF-8"));
			} catch (IOException e) {
				log.debug("写入Response的时候出错: ", e.getMessage());
				e.printStackTrace();
			}
		} else if ("xml".equalsIgnoreCase(urlDot)) {
			response.setContentType("text/html; charset=utf-8");
			try {

				response.getWriter().print(
						DataAdaptiveUtil.getDataAdaptive("xml")
								.toString(result2).getBytes("UTF-8"));
			} catch (IOException e) {
				log.debug("写入Response的时候出错: ", e.getMessage());
				e.printStackTrace();
			}
		}
	}
	
	/**
	 * 
	 * <p>函数名称：     检测是否为不用授权服务    </p>
	 * <p>功能说明：
	 *
	 * </p>
	 *<p>参数说明：</p>
	 * @param url
	 * @return
	 *
	 * @date   创建时间：2011-6-29
	 * @author 作者：林光延
	 */
	private boolean noCheck(String url){
		for(int i=0 ;i< noCheckWebRes.size();i++){
			String noCheckUrl = noCheckWebRes.get(i);
			if(noCheckUrl.equals("/*")){
				return true;
			}else if(noCheckUrl.equals(url)){
				return true;
			}else{
				if(noCheckUrl.substring(noCheckUrl.length() - 1, noCheckUrl.length()).equals('*')){
					String tmp = noCheckUrl.substring(0, noCheckUrl.length() - 2);
					if(url.indexOf(tmp)>0)
						return true;
				}else if(url.indexOf(noCheckUrl)>0){
					return true;
				}
			}
			
		}
		return false;
	}
	
	/**
	 * 
	 * <p>函数名称：    跳转到出错页    </p>
	 * <p>功能说明：
	 *
	 * </p>
	 *<p>参数说明：</p>
	 * @param request
	 * @param response
	 * @param pageName
	 *
	 * @date   创建时间：2011-6-29
	 * @author 作者：林光延
	 */
	private void sendToDefault(ServletRequest request, ServletResponse response,String pageName,String msg){
		String path = ((HttpServletRequest) request).getContextPath();
		if(pageName.substring(0,1).equals("/"))
			pageName = path+pageName;
		else
			pageName = path+"/"+pageName;
		try{
			HttpServletRequest req = (HttpServletRequest)request;
			HttpServletResponse res = (HttpServletResponse)response;
			req.setAttribute("msg", msg);
			RequestDispatcher rd = ((HttpServletRequest)request).getRequestDispatcher("/login_error.jsp");
			rd.forward(req, res);
		} catch (Exception ex) {
			ex.printStackTrace();
		}


	}
	
}
